CentOS 4.7, Kerberos 1.3.4
Hi All:
This is driving me bonkers. A couple of weeks ago I started working on implementing Kerberos. I got as far as getting the primary/master KDC running on our CentOS development system before I got dragged off to work on something a little more pressing. I finally got back to it this week only to find that the krb5kdc service now fails to start. A check of the log files shows it has been working right up until the system was rebooted Sunday night. The reboot itself was not the problem as there had been previous reboots after which krb5kdc was able to restart.
Here are the log entries for that latest retry:
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): setting up network...
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): setting up network...
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): skipping unrecognized local address family 17
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): skipping unrecognized local address family 17
krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): set up 0 sockets
Jun 10 16:29:38 fisds0.forsoft.com krb5kdc[12490](info): set up 0 sockets
krb5kdc: no sockets set up?
krb5kdc: no sockets set up?
The "unrecognized local address family 17" messages were occurring even when it worked so I do not think they are significant to this problem.
As far as I am aware I have not made any changes to the system that should affect this.
I have done a ton of Google searches but I have not turned up anything that seems to help. Any thoughts or suggestions would be greatly appreciated.
TIA
Regards, Hugh
Hi,
On Wed, Jun 10, 2009 at 19:51, Hugh E Cruickshank <hugh@forsoft.com> wrote:
> krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
> krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
Is there any process already using port 750 in your machine?
You can find that with this command:
# netstat -nap | grep ':750\b'
It should also tell you which program it is that is using that port.
I recently had this problem with one of the NFS client processes (rpc.statd?) binding on the rsync port, so the rsync server could not start as the port was already in use.
HTH, Filipe
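The port check suggested above, as an added example that is not part of the original thread: it reads `netstat -nap` output, matches the local port exactly, and flags any socket on the KDC's ports that is not owned by the expected daemon. The function name `find_port_holders` and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which process holds each port a daemon needs.
# On a live host (as root): netstat -nap | find_port_holders krb5kdc 88 750

# find_port_holders EXPECTED_PROGRAM PORT...
# Reads `netstat -nap` output on stdin; prints one line per matching socket:
#   ok|CONFLICT  port/proto  pid/program
find_port_holders() {
    expected=$1; shift
    awk -v expected="$expected" -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 !~ /^(tcp|udp)/             { next }  # headers, unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN"  { next }  # TCP: listeners only
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            if (!(port in want)) next            # exact match, so 7500 != 750
            owner = $NF; sub(/^[0-9]+\//, "", owner)
            printf "%s %s/%s %s\n", (owner == expected ? "ok" : "CONFLICT"), port, $1, $NF
        }'
}

# Constructed sample in the layout netstat -nap prints; not output from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:7500                0.0.0.0:*                   LISTEN      3001/exampled
tcp        0      0 192.168.2.8:2049            192.168.2.20:750            ESTABLISHED -
udp        0      0 192.168.2.8:88              0.0.0.0:*                               12490/krb5kdc
udp        0      0 0.0.0.0:750                 0.0.0.0:*                               2011/rpc.statd
EOF
}

sample_netstat | find_port_holders krb5kdc 88 750
```

Because only the local address column of listening sockets is compared, an established connection whose remote port happens to be 750 is not reported.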
From: Filipe Brandenburger Sent: June 10, 2009 20:28
> On Wed, Jun 10, 2009 at 19:51, Hugh E Cruickshank <hugh@forsoft.com> wrote:
>> krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
>> krb5kdc: Address already in use - Cannot bind server socket to port 750 address 192.168.2.8
> Is there any process already using port 750 in your machine?
> You can find that with this command:
> # netstat -nap | grep ':750\b'
> It should also tell you which program it is that is using that port.
> I recently had this problem with one of the NFS client processes (rpc.statd?) binding on the rsync port, so the rsync server could not start as the port was already in use.
Hi Filipe
Give the man a cigar! rpc.statd strikes again.
Now to figure out how to fix that.
Thanks.
Regards, Hugh
-- Hugh E Cruickshank, Forward Software, www.forward-software.com
Hi,
On Thu, Jun 11, 2009 at 01:23, Hugh E Cruickshank <hugh@forsoft.com> wrote:
> Give the man a cigar! rpc.statd strikes again.
> Now to figure out how to fix that.
In the short term, this command should restart rpc.statd which will probably bind to a different port:
# service nfslock restart
After that, you can restart krb5kdc and it should get its free port (it might take some minutes if the port gets to the TIME_WAIT state).
In the long term, you can add the following variable definition to /etc/sysconfig/nfs (you will probably have to create this file):
STATD_PORT=2053
This will bind rpc.statd to a fixed port (2053 in my case).
I also used this file to fix all the other ports of NFS related daemons:
LOCKD_TCPPORT=2050
LOCKD_UDPPORT=2050
RQUOTAD_PORT=2051
MOUNTD_PORT=2052
STATD_PORT=2053
STATD_OUTGOING_PORT=2054
I started them at 2050 as nfsd itself will use 2049. That way I can allow NFS traffic through the firewall by allowing ports 2049-2054 for both TCP and UDP in both directions.
HTH, Filipe
From: Filipe Brandenburger Sent: June 11, 2009 06:13
> On Thu, Jun 11, 2009 at 01:23, Hugh E Cruickshank <hugh@forsoft.com> wrote:
>> Give the man a cigar! rpc.statd strikes again. Now to figure out how to fix that.
> In the short term, this command should restart rpc.statd which will probably bind to a different port:
[snip]
Hi Filipe:
Thanks for the additional info. That will be of great help.
Regards, Hugh
From: Hugh E Cruickshank Sent: June 11, 2009 11:18
> From: Filipe Brandenburger Sent: June 11, 2009 06:13
>> On Thu, Jun 11, 2009 at 01:23, Hugh E Cruickshank <hugh@forsoft.com> wrote:
>>> Give the man a cigar! rpc.statd strikes again. Now to figure out how to fix that.
>> In the short term, this command should restart rpc.statd which will probably bind to a different port:
> Thanks for the additional info. That will be of great help.
Hi Filipe:
That worked like a charm - krb5kdc is now running again. Now I can get back to setting up the secondary/slave KDC.
Thanks muchly!
Regards, Hugh